Manipulating Shim and Office Infrastructure for Code Injection and Privilege Escalation

DEFCONConference via YouTube

Overview

Explore a 41-minute conference talk from DEF CON that revives a supposedly resolved attack surface through novel exploitation techniques. Learn about a stealthy approach to applying malicious shims without registry modifications or SDB files, leaving no disk traces. Dive into reverse engineering of the shim infrastructure, focusing on undocumented APIs and kernel driver analysis. Discover offensive capabilities within the infrastructure and follow the development process of this unique technique. Examine groundbreaking research that reveals how to manipulate two distinct OS components for DLL injection and privilege escalation. Understand the exploitation of undocumented RPC interfaces in OfficeClickToRun.exe, enabling DLL injection into processes running with SYSTEM privileges. Master the specific conditions required for successful exploitation, including the strategic use of Opportunistic Lock and App Compatibility mechanisms.

Syllabus

DEF CON 32 - Manipulating Shim and Office for Code Injection - Ron Ben-Yizhak, David Shandalov

Taught by

DEFCONConference
